Article ID: 885957 - View products that this article applies to.
The software update management process lets organizations control how they maintain and deploy software releases to their production environments. Software update management improves operational efficiency and effectiveness, helps overcome security vulnerabilities, and helps maintain the stability of the production environment. For general information about Microsoft software update strategies, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc768045.aspxWhen you plan a software update management strategy for computers that are running Microsoft Internet Security and Acceleration Server (ISA Server), consider the following recommendations:
PrerequisitesYou should install hotfixes and updates only on computers that are running the version of ISA Server that is specified by the hotfix or by the update. For example, you should install hotfixes and updates for ISA Server 2004, Standard Edition only on computers that are running ISA Server 2004, Standard Edition. You can install ISA Server 2006 hotfixes only on computers that are running ISA Server 2006.
Downloading and installing hotfixesDownload and install the hotfix as instructed by Microsoft Product Support Services, as described in the Microsoft Knowledge Base article for the hotfix, or as described on the Microsoft Download Center.
While you install the hotfix, the driver and services might stop on the computer that is running ISA Server. Sometimes, you may have to physically disconnect the ISA Server computer from untrusted networks, such as external networks, before you install the hotfix. You can learn whether this disconnection is required by reading the Microsoft Knowledge Base article that accompanies the hotfix or the download site's instructions.
Note If ISA Server services are installed, ISA Server enters lockdown mode during installation. After installation, the ISA Server computers or array members must be restarted.
Administrative installationBy using administrative installation, you can integrate an update into the ISA Server administrative installation point before you run ISA Server Setup. For more information about administrative installation, visit the following Microsoft Web site:
How to install updates for Enterprise editions of ISA Server
Staged updatesIn large enterprises, you may be unable to install updates concurrently on all ISA Server computers. In this case, we recommend that you install updates in the following order:
Other issuesWhen you run a monitoring application, such as the Microsoft Operations Manager (MOM) Management Pack for ISA Server, you use ISA Server files. Using these files may interfere with ISA Server Setup. To avoid this problem, stop the monitoring application before you do any of the following:
Troubleshooting installationBy default, a log is not created when you install a hotfix. You can specify that a log is to be created during the installation. You can then use this log together with Microsoft Product Support Services to troubleshoot installation problems. Logging is only useful if installation fails. If you install again after a successful installation, no useful information is logged. To specify that a log is to be created during the installation of a hotfix, type the following at a command prompt:
Msiexec /p Hotfix_Name.msp REINSTALL=ALL REINSTALLMODE=omus /l*vx! Logfile_Name.logThis statement is interpreted as follows:
You can also examine the event viewer for relevant information. After the installation is complete, an event indicates whether the hotfix installation was successful.
Verifying installed hotfixes and updatesYou can use the Add or Remove Programs item in Control Panel to find ISA Server hotfixes and updates that you have installed. Hotfixes are labeled with the name of the product. The name of the hotfix also includes the Microsoft Knowledge Base article number that is associated with the hotfix.
Uninstalling hotfixesDuring the uninstallation process, installation source files may be required, such as the CD-ROM or the network location of the ISA Server Standard Edition installation files. If the files are inaccessible, the Microsoft Firewall service may not start. If this happens, uninstall the service pack again to make sure that you can access the installation source files, rerun the installation, or run ISA Server Setup in the Repair mode.
If you cancel the uninstallation of a service pack when you are not connected to the installation source files, ISA Server services may not start. If this happens, let the uninstallation process finish. To do this, run the service pack installation again, run Repair, or uninstall the service pack again.
You can use the Add or Remove Programs item in Control Panel to uninstall hotfixes and updates. To uninstall an ISA Server 2004 hotfix or update, you must first install Windows Installer 3.0. For more information about Windows Installer 3.0, visit the following Microsoft Web site:
Installing hotfixes and updates on Firewall Client computersFollow the instructions for installing ISA Server 2004 hotfixes and ISA Server 2006 hotfixes to install Firewall Client hotfixes and updates on client computers that are running Firewall Client software. ISA Server 2004 includes the option to install a Firewall Client Share during Setup. Each fix that affects Firewall Client software includes a hotfix or update that you can apply directly to client computers. Each fix also includes a second hotfix that you can apply to the ISA Server 2004 Firewall Client Share. Hotfixes that are applied to the Firewall Client Share can then be distributed to client computers. To update a Firewall Client Share with a hotfix or update, use one of the following methods:
Article ID: 885957 - Last Review: February 5, 2009 - Revision: 13.1